[arch-devops] Arch Linux ISO Checksums on archlinux.org
Chris.Rebischke at archlinux.org
Tue Feb 23 15:13:36 UTC 2016
On Mon, Feb 22, 2016 at 04:55:17PM +0100, Levente Polyak wrote:
> On February 22, 2016 4:22:40 PM GMT+01:00, Christian Rebischke <Chris.Rebischke at archlinux.org> wrote:
> >Maybe we should also sign the ISO with a GPG-Key.
> >I don't mean that we should remove the MD5 checksum but we should add
> >other checksum and sign the ISO.
> The ISO is actually signed, above the mentioned checksums  you can find the signature file .
>  https://www.archlinux.org/download/
>  https://www.archlinux.org/iso/2016.02.01/archlinux-2016.02.01-dual.iso.sig
Sorry guys, there I was too fast and inattentive.
But, however, what do you think about adding a stronger checksum to it?
I know that a GPG-signatures + MD5 or SHA1 would be enough but I know enough
people who just check the checksum and don't care about signatures.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: not available
More information about the arch-devops